19991122 - Make close gnome-ssh-askpass (Debian bug #50299) - OpenBSD CVS Changes - [ssh-keygen.c] don't create ~/.ssh only if the user wants to store the private key there. show fingerprint instead of public-key after keygeneration. ok niels@ - Added OpenBSD bsd-strlcat.c, created bsd-strlcat.h - Added timersub() macro - Tidy RCSIDs of bsd-*.c - Added autoconf test and macro to deal with old PAM libraries pam_strerror definition (one arg vs two). 19991121 - OpenBSD CVS Changes: - [channels.c] make this compile, bad markus - [log.c readconf.c servconf.c ssh.h] bugfix: loglevels are per host in clientconfig, factor out common log-level parsing code. - [servconf.c] remove unused index (-Wall) - [ssh-agent.c] only one 'extern char *__progname' - [sshd.8] document SIGHUP, -Q to synopsis - [sshconnect.c serverloop.c sshd.c packet.c packet.h] [channels.c clientloop.c] SSH_CMSG_MAX_PACKET_SIZE, some clients use this, some need this, niels@ [hope this time my ISP stays alive during commit] - [OVERVIEW README] typos; green@freebsd - [ssh-keygen.c] replace xstrdup+strcat with strlcat+fixed buffer, fixes OF (bad me) exit if writing the key fails (no infinit loop) print usage() everytime we get bad options - [ssh-keygen.c] overflow, djm@mindrot.org - [sshd.c] fix sigchld race; cjc5@po.cwru.edu 19991120 - Merged more Solaris support from Marc G. Fournier - Wrote autoconf tests for integer bit-types - Fixed enabling kerberos support - Fix segfault in ssh-keygen caused by buffer overrun in filename handling. 19991119 - Merged PAM buffer overrun patch from Chip Salzenberg - Merged OpenBSD CVS changes - [auth-rhosts.c auth-rsa.c ssh-agent.c sshconnect.c sshd.c] more %d vs. %s in fmt-strings - [authfd.c] Integers should not be printed with %s - EGD uses a socket, not a named pipe. Duh. - Fix includes in fingerprint.c - Fix scp progress bar bug again. - Move scp from ${libdir}/ssh to ${libexecdir}/ssh at request of David Rankin - Added autoconf option to enable Kerberos 4 support (untested) - Added autoconf option to enable AFS support (untested) - Added autoconf option to enable S/Key support (untested) - Added autoconf option to enable TCP wrappers support (compiles OK) - Renamed BSD helper function files to bsd-* - Added tests for login and daemon and enable OpenBSD replacements for when they are absent. - Added non-PAM MD5 password support patch from Tudor Bosman 19991118 - Merged OpenBSD CVS changes - [scp.c] foregroundproc() in scp - [sshconnect.h] include fingerprint.h - [sshd.c] bugfix: the log() for passwd-auth escaped during logging changes. - [ssh.1] Spell my name right. - Added openssh.com info to README 19991117 - Merged OpenBSD CVS changes - [ChangeLog.Ylonen] noone needs this anymore - [authfd.c] close-on-exec for auth-socket, ok deraadt - [hostfile.c] in known_hosts key lookup the entry for the bits does not need to match, all the information is contained in n and e. This solves the problem with buggy servers announcing the wrong modulus length. markus and me. - [serverloop.c] bugfix: check for space if child has terminated, from: iedowse@maths.tcd.ie - [ssh-add.1 ssh-add.c ssh-keygen.1 ssh-keygen.c sshconnect.c] [fingerprint.c fingerprint.h] rsa key fingerprints, idea from Bjoern Groenvall - [ssh-agent.1] typo - [ssh.1] add OpenSSH information to AUTHOR section. okay markus@ - [sshd.c] force logging to stderr while loading private key file (lost while converting to new log-levels) 19991116 - Fix some Linux libc5 problems reported by Miles Wilson - Merged OpenBSD CVS changes: - [auth-rh-rsa.c auth-rsa.c authfd.c authfd.h hostfile.c mpaux.c] [mpaux.h ssh-add.c ssh-agent.c ssh.h ssh.c sshd.c] the keysize of rsa-parameter 'n' is passed implizit, a few more checks and warnings about 'pretended' keysizes. - [cipher.c cipher.h packet.c packet.h sshd.c] remove support for cipher RC4 - [ssh.c] a note for legay systems about secuity issues with permanently_set_uid(), the private hostkey and ptrace() - [sshconnect.c] more detailed messages about adding and checking hostkeys 19991115 - Merged OpenBSD CVS changes: - [ssh-add.c] change passphrase loop logic and remove ref to $DISPLAY, ok niels - Changed to ssh-add.c broke askpass support. Revised it to be a little more modular. - Revised autoconf support for enabling/disabling askpass support. - Merged more OpenBSD CVS changes: [auth-krb4.c] - disconnect if getpeername() fails - missing xfree(*client) [canohost.c] - disconnect if getpeername() fails - fix comment: we _do_ disconnect if ip-options are set [sshd.c] - disconnect if getpeername() fails - move checking of remote port to central place [auth-rhosts.c] move checking of remote port to central place [log-server.c] avoid extra fd per sshd, from millert@ [readconf.c] print _all_ bad config-options in ssh(1), too [readconf.h] print _all_ bad config-options in ssh(1), too [ssh.c] print _all_ bad config-options in ssh(1), too [sshconnect.c] disconnect if getpeername() fails - OpenBSD's changes to sshd.c broke the PAM stuff, re-merged it. - Various small cleanups to bring diff (against OpenBSD) size down. - Merged more Solaris compability from Marc G. Fournier - Wrote autoconf tests for __progname symbol - RPM spec file fixes from Jim Knoble - Released 1.2pre12 - Another OpenBSD CVS update: - [ssh-keygen.1] fix .Xr 19991114 - Solaris compilation fixes (still imcomplete) 19991113 - Build patch from Niels Kristian Bech Jensen - Don't install config files if they already exist - Fix inclusion of additional preprocessor directives from acconfig.h - Removed redundant inclusions of config.h - Added 'Obsoletes' lines to RPM spec file - Merged OpenBSD CVS changes: - [bufaux.c] save a view malloc/memcpy/memset/free's, ok niels - [scp.c] fix overflow reported by damien@ibs.com.au: off_t totalsize, ok niels,aaron - Delay fork (-f option) in ssh until after port forwarded connections have been initialised. Patch from Jani Hakala - Added shadow password patch from Thomas Neumann - Added ifdefs to auth-passwd.c to exclude it when PAM is enabled - Tidied default config file some more - Revised Redhat initscript to fix bug: sshd (re)start would fail if executed from inside a ssh login. 19991112 - Merged changes from OpenBSD CVS - [sshd.c] session_key_int may be zero - [auth-rh-rsa.c servconf.c servconf.h ssh.h sshd.8 sshd.c sshd_config] IgnoreUserKnownHosts(default=no), used for RhostRSAAuth, ok deraadt,millert - Brought default sshd_config more in line with OpenBSD's - Grab server in gnome-ssh-askpass (Debian bug #49872) - Released 1.2pre10 - Added INSTALL documentation - Merged yet more changes from OpenBSD CVS - [auth-rh-rsa.c auth-rhosts.c auth-rsa.c channels.c clientloop.c] [ssh.c ssh.h sshconnect.c sshd.c] make all access to options via 'extern Options options' and 'extern ServerOptions options' respectively; options are no longer passed as arguments: * make options handling more consistent * remove #include "readconf.h" from ssh.h * readconf.h is only included if necessary - [mpaux.c] clear temp buffer - [servconf.c] print _all_ bad options found in configfile - Make ssh-askpass support optional through autoconf - Fix nasty division-by-zero error in scp.c - Released 1.2pre11 19991111 - Added (untested) Entropy Gathering Daemon (EGD) support - Fixed /dev/urandom fd leak (Debian bug #49722) - Merged OpenBSD CVS changes: - [auth-rh-rsa.c] user/958: check ~/.ssh/known_hosts for rhosts-rsa, too - [ssh.1] user/958: check ~/.ssh/known_hosts for rhosts-rsa, too - [sshd.8] user/958: check ~/.ssh/known_hosts for rhosts-rsa, too - Fix integer overflow which was messing up scp's progress bar for large file transfers. Fix submitted to OpenBSD developers. - Merged more OpenBSD CVS changes: - [auth-krb4.c auth-passwd.c] remove x11- and krb-cleanup from fatal() + krb-cleanup cleanup - [clientloop.c log-client.c log-server.c ] [readconf.c readconf.h servconf.c servconf.h ] [ssh.1 ssh.c ssh.h sshd.8] add LogLevel {QUIET, FATAL, ERROR, INFO, CHAT, DEBUG} to ssh/sshd, obsoletes QuietMode and FascistLogging in sshd. - [sshd.c] fix fatal/assert() bug reported by damien@ibs.com.au: allow session_key_int != sizeof(session_key) [this should fix the pre-assert-removal-core-files] - Updated default config file to use new LogLevel option and to improve readability 19991110 - Merged several minor fixes: - ssh-agent commandline parsing - RPM spec file now installs ssh setuid root - Makefile creates libdir - Merged beginnings of Solaris compability from Marc G. Fournier 19991109 - Autodetection of SSL/Crypto library location via autoconf - Fixed location of ssh-askpass to follow autoconf - Integrated Makefile patch from Niels Kristian Bech Jensen - Autodetection of RSAref library for US users - Minor doc updates - Merged OpenBSD CVS changes: - [rsa.c] bugfix: use correct size for memset() - [sshconnect.c] warn if announced size of modulus 'n' != real size - Added GNOME passphrase requestor (use --with-gnome-askpass) - RPM build now creates subpackages - Released 1.2pre9 19991108 - Removed debian/ directory. This is now being maintained separately. - Added symlinks for slogin in RPM spec file - Fixed permissions on manpages in RPM spec file - Added references to required libraries in README file - Removed config.h.in from CVS - Removed pwdb support (better pluggable auth is provided by glibc) - Made PAM and requisite libdl optional - Removed lots of unnecessary checks from autoconf - Added support and autoconf test for openpty() function (Unix98 pty support) - Fix for scp not finding ssh if not installed as /usr/bin/ssh - Added TODO file - Merged parts of Debian patch From Phil Hands : - Added ssh-askpass program - Added ssh-askpass support to ssh-add.c - Create symlinks for slogin on install - Fix "distclean" target in makefile - Added example for ssh-agent to manpage - Added support for PAM_TEXT_INFO messages - Disable internal /etc/nologin support if PAM enabled - Merged latest OpenBSD CVS changes: - [all] replace assert() with error, fatal or packet_disconnect - [sshd.c] don't send fail-msg but disconnect if too many authentication failures - [sshd.c] remove unused argument. ok dugsong - [sshd.c] typo - [rsa.c] clear buffers used for encryption. ok: niels - [rsa.c] replace assert() with error, fatal or packet_disconnect - [auth-krb4.c] remove unused argument. ok dugsong - Fixed coredump after merge of OpenBSD rsa.c patch - Released 1.2pre8 19991102 - Merged change from OpenBSD CVS - One-line cleanup in sshd.c 19991030 - Integrated debian package support from Dan Brosemer - Merged latest updates for OpenBSD CVS: - channels.[ch] - remove broken x11 fix and document istate/ostate - ssh-agent.c - call setsid() regardless of argv[] - ssh.c - save a few lines when disabling rhosts-{rsa-}auth - Documentation cleanups - Renamed README -> README.Ylonen - Renamed README.openssh ->README 19991029 - Renamed openssh* back to ssh* at request of Theo de Raadt - Incorporated latest changes from OpenBSD's CVS - Integrated Makefile patch from Niels Kristian Bech Jensen - Integrated PAM env patch from Nalin Dahyabhai - Make distclean now removed configure script - Improved PAM logging - Added some debug() calls for PAM - Removed redundant subdirectories - Integrated part of a patch from Dan Brosemer for building on Debian. - Fixed off-by-one error in PAM env patch - Released 1.2pre6 19991028 - Further PAM enhancements. - Much cleaner - Now uses account and session modules for all logins. - Integrated patch from Dan Brosemer - Build fixes - Autoconf - Change binary names to open* - Fixed autoconf script to detect PAM on RH6.1 - Added tests for libpwdb, and OpenBSD functions to autoconf - Released 1.2pre4 - Imported latest OpenBSD CVS code - Updated README.openssh - Released 1.2pre5 19991027 - Adapted PAM patch. - Released 1.0pre2 - Excised my buggy replacements for strlcpy and mkdtemp - Imported correct OpenBSD strlcpy and mkdtemp routines. - Reduced arc4random_stir entropy read to 32 bytes (256 bits) - Picked up correct version number from OpenBSD - Added sshd.pam PAM configuration file - Added sshd.init Redhat init script - Added openssh.spec RPM spec file - Released 1.2pre3 19991026 - Fixed include paths of OpenSSL functions - Use OpenSSL MD5 routines - Imported RC4 code from nanocrypt - Wrote replacements for OpenBSD arc4random* functions - Wrote replacements for strlcpy and mkdtemp - Released 1.0pre1